It takes two: The 2025 Sophos Active Adversary Report

The Economic Times reports: Utilities under fire: Nova Scotia Power cyberattack raises alarm Nova Scotia Power and its parent company, Emera, are scrambling to contain the fallout of a cyberattack on critical infrastructure that disrupted IT systems but spared physical operations. The cybersecurity breach came to light on April 25, when the utility discovered unauthorized…

MORSECORP Inc. (MORSE), of Cambridge, Massachusetts, has agreed to pay $4.6 million to resolve allegations that MORSE violated the False Claims Act by failing to comply with cybersecurity requirements in its contracts with the Departments of the Army and Air Force. The settlement resolves allegations that MORSE submitted false or fraudulent claims for payment on contracts with…

A new Android malware called RatOn evolved from a basic tool capable of conducting Near Field Communication (NFC) attacks to a sophisticated remote access trojan with Automated Transfer System (ATS) capabilities to conduct device fraud. “RatOn merges traditional overlay attacks with automatic money transfers and NFC relay functionality – making it a uniquely powerful threat,”…

The first ThreatsDay Bulletin of 2026 lands on a day that already feels symbolic — new year, new breaches, new tricks. If the past twelve months taught defenders anything, it’s that threat actors don’t pause for holidays or resolutions. They just evolve faster. This week’s round-up shows how subtle shifts in behavior, from code tweaks…

Here’s today’s example of how an entity may claim that they had no reason to believe patient data had been compromised, only to find that it had been. In February, Whitman Hospital & Medical Clinics (“WHMC”) in California discovered they had been the victim of a cyberattack that occurred between December 26 and February 28….

Has a North Korean threat actor applied for a position at your organization, or even been hired? We’re sharing a toolkit to help you detect and avoid that risk.